WO2023275947A1 - Circuit information integrity verification system and circuit information integrity verification method - Google Patents

Circuit information integrity verification system and circuit information integrity verification method

Info

Publication number
WO2023275947A1
Authority
WO
WIPO (PCT)
Prior art keywords
signature
cpu
circuit information
fpga
input value
Prior art date
Application number
PCT/JP2021/024405
Other languages
English (en)
Japanese (ja)
Inventor
友梨香 菅
高生 山下
Original Assignee
日本電信電話株式会社
Priority date
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2021/024405 priority Critical patent/WO2023275947A1/fr
Priority to JP2023531162A priority patent/JPWO2023275947A1/ja
Publication of WO2023275947A1 publication Critical patent/WO2023275947A1/fr

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]

Definitions

  • the present invention relates to a circuit information integrity verification system and a circuit information integrity verification method between a CPU and an accelerator.
  • APL software applications
  • accelerators such as GPUs (Graphics Processing Units) and FPGAs (Field Programmable Gate Arrays)
  • performance and power efficiency that cannot be achieved with software (CPU processing) alone can be achieved. Examples of this are increasing.
  • a large-scale server cluster such as a data center that constitutes NFV (Network Functions Virtualization) or SDN (Software Defined Network)
  • NFV Network Functions Virtualization
  • SDN Software Defined Network
  • a protection area (enclave) is provided in the memory on the CPU side, and by saving important information in this protection area (enclave), attacks that compromise the OS/driver/BIOS/VMM can be prevented.
  • the APL can change from a state in which the OS and VMM are trusted to a state in which only a more limited region, which is a region protected by hardware, is trusted, thereby reducing the load on the APL.
  • circuit information in the case of GPU, circuit information is algorithm information
  • falsification of information related to the calculation process between the protection area (enclave) on the CPU side and the GPU or FPGA device that performs processing is a threat.
  • Information that may be falsified includes, for example, circuit information for performing calculations in the FPGA, values sent from the CPU to the FPGA for calculation, and values sent from the FPGA to the CPU. It is necessary to be able to confirm and detect that information that may be tampered with has not been tampered with.
  • FIG. 26 is a schematic configuration diagram of a communication system between Enclave and FPGA.
  • An FPGA is taken as an example of an accelerator.
  • the Enclave-FPGA communication system includes a development PC 10, an input value generator 20, a CPU 30, and an FPGA 40 that is an accelerator that executes offloaded calculations.
  • a PC (Personal Computer) 10 for development is operated by the function manager 2, and uses PC resources to create circuit information 11 that is set in advance for offloading calculations to the FPGA.
  • An input value source 20 generates the input values 12 needed to offload.
  • the CPU 30 comprises an enclave external memory 31 , a protected area (enclave) 32 and an FPGA transfer function program 33 .
  • the FPGA transfer function program 33 is a function program executed by the CPU 30 .
  • the notation in which the FPGA transfer function program 33 is described as the subject describes the function of the CPU 30 executing the FPGA transfer function program 33 for the sake of convenience.
  • the external memory 31 of the enclave receives circuit information 11 from the development PC 10 (see S1) and input value 12 (input value necessary for offloading) from the input value generator 20 (see S2).
  • the input circuit information 11 is stored in the memory 31 outside the enclave.
  • the protected area (enclave) 32 has a management/verification program 34 to prevent falsification.
  • circuit information 11 and input value 12 are stored in the protected area (enclave) 32 .
  • the FPGA transfer function program 33 inputs the information of the enclave external memory 31 (see S3) and transfers it to the protected area (enclave) 32 (see S4).
  • the FPGA transfer function program 33 transfers the circuit information 11 and the input value 12 to the protected area (enclave) 32 .
  • the FPGA transfer function program 33 reads the information (here, the input value 12) of the protected area (enclave) 32 (see S5).
  • the FPGA transfer function program 33 transmits important information (here, circuit information 11, input value 12) stored in the protected area (enclave) 32 on the CPU 30 side to the FPGA 40 (see S6 and S7), and receives from the FPGA 40 the calculation result (output value 13, which is the output of the offloaded calculation) obtained using the dedicated circuit 41 (see S8).
  • the CPU 30 transmits the circuit information 11 to the FPGA 40 to cause the FPGA 40 to form the arithmetic circuit 41 and offloads part of the APL processing to the FPGA 40 .
  • the FPGA 40 performs computation using the computation circuit 41 for the offloaded APL processing, and transfers the computation result to the CPU 30 .
  • the FPGA 40 has an arithmetic circuit 41 and a RAM 42 .
  • the computation circuit 41 computes the processing of the offloaded APL (see S8) and outputs the output value 13, which is the computation result, to the RAM 42.
  • the RAM 42 temporarily stores the information (circuit information 11, input value 12) transferred from the CPU 30 by the FPGA transfer function program 33, and also temporarily stores the calculation result (output value 13).
  • Possible tampering includes tampering with the circuit information 11 for performing calculations in the FPGA 40, tampering with the values (circuit information 11, input value 12) sent from the CPU to the FPGA for calculation (see symbols c and d in FIG. 26), and tampering with the value (output value 13) sent from the FPGA to the CPU (see symbol e in FIG. 26). It is necessary to be able to confirm and detect that information that may be tampered with has not been tampered with.
  • the FPGA 40 can confirm the reliability of the circuit information 11 and the input value 12 transferred from the protected area (enclave) 32 on the CPU 30 side.
  • the CPU 30 can confirm the reliability of the output value 13 transferred from the FPGA 40.
  • In FIG. 26, it is assumed that the circuit information 11, the input value 12 and the output value 13 are tampered with in each communication path.
  • Functional user 2 trusts enclave 32 within CPU 30.
  • FIG. 27 is a schematic configuration diagram of a communication system between Enclave and FPGA that deals with the possibility of tampering.
  • the same reference numerals are given to the same components as those in FIG.
  • FIG. 28 is a diagram for explaining the signing of the circuit information 11 by the signature grantor 50 using the secret key (signature grantor) 51 .
  • the Enclave-FPGA communication system dealing with the possibility of falsification further includes a signature grantor 50 (signature granting device) in addition to the Enclave-FPGA communication system of FIG.
  • a signature assigner 50 is an input terminal device used by a person who attaches a signature to the circuit information 11 .
  • the signature grantor 50 has a private key (signature grantor) 51 , a public key (signature grantor) 52 and a signature (signature grantor) 53 . As indicated by symbol g in FIG. 28 , the signature grantor 50 uses a private key (signature grantor) 51 to generate a signature for the circuit information 11 .
  • the signature grantor 50 gives the development PC 10 a private key (signature grantor) 51, a public key (signature grantor) 52, and a signature (signature grantor) 53 (see S11).
  • the development PC 10 shown in FIG. 27 sends the circuit information 11 with a public key (signature grantor) 52 and a signature (signature grantor) 53 to the enclave external memory 31 of the CPU 30 (see S1).
  • the FPGA transfer function program 33 of the CPU 30 shown in FIG. (see S1).
  • the FPGA transfer function program 33 sends the important information stored in the protected area (enclave) 32 of the CPU 30 (here, the circuit information 11 with a public key (signature grantor) 52 and a signature (signature grantor) 53, and the input value 12) to the FPGA 40 (see S6 and S7), and receives from the FPGA 40 the calculation result (here, the output value 13) obtained using the arithmetic circuit 41 (see S8).
  • RAM 42 temporarily stores information (circuit information 11 with public key (signature grantor) 52 and signature (signature grantor) 53, input value 12) transferred by FPGA transfer function program 33 from CPU 30. At the same time, the calculation result (output value 13) using the arithmetic circuit 41 to be transferred to the CPU 30 is temporarily stored.
  • the CPU 30 has a protection area (enclave) 32 for preventing falsification.
  • enclave an area for preventing falsification.
  • when the circuit information 11 and information about the calculation process are exchanged between the protected area on the CPU 30 side and the FPGA 40 that performs the processing, there is a possibility that the information is tampered with during the exchange (see symbols a to e in FIG. 26). In this case, there is a problem that it is not possible to confirm or detect that the data has not been tampered with.
  • the present invention has been made in view of such a background, and its task is to make it possible to confirm the integrity of circuit information, that is, that it has not been tampered with, and to reduce the processing load of the FPGA.
  • the present invention provides a circuit information integrity verification system that includes a CPU and an accelerator that executes specific processing of an application offloaded from the CPU, and that verifies the integrity of circuit information between the CPU and the accelerator. The CPU has a protection area for preventing falsification, and the protection area includes a signature verification unit that verifies the signature of the circuit information signed by the development PC and sent to the CPU, and a signature replacement unit that replaces the signature verified by the signature verification unit with the key of the CPU before sending the circuit information to the accelerator side. When an input value is sent from the CPU, the accelerator executes a calculation based on the input value, adds a hash value of the input value and the circuit information, and a signature, to the output value, and sends it to the CPU.
  • FIG. 1 is a diagram showing a configuration example of a circuit information integrity verification system according to an embodiment of the present invention
  • FIG. 4 is an operation explanatory diagram of <writing circuit information (CPU side)> of the circuit information integrity verification system according to the embodiment of the present invention
  • FIG. 4 is a diagram illustrating signature verification of circuit information by the signature verification unit of the CPU of the circuit information integrity verification system according to the embodiment of the present invention
  • 3 is a control sequence diagram of <writing circuit information (CPU side)> of the circuit information integrity verification system of FIG. 2
  • FIG. 4 is an operation explanatory diagram of <writing circuit information to FPGA> of the circuit information integrity verification system according to the embodiment of the present invention
  • FIG. 4 is a diagram illustrating hash value generation by the CPU of the circuit information integrity verification system according to the embodiment of the present invention
  • FIG. 4 is a diagram for explaining a signature of circuit information by a private key (CPU) of a signature generation unit of the CPU of the circuit information integrity verification system according to the embodiment of the present invention
  • It is a figure explaining the signature verification of FPGA of the integrity verification system of the circuit information which concerns on embodiment of this invention.
  • 6 is a control sequence diagram of <write circuit information to FPGA> of the circuit information integrity verification system of FIG. 5;
  • FIG. 5 is a control sequence diagram of <write circuit information to FPGA> of the circuit information integrity verification system of FIG. 5;
  • FIG. 4 is an operation explanatory diagram of <start after writing> of the circuit information integrity verification system according to the embodiment of the present invention
  • FIG. 4 is an operation explanatory diagram of <output of calculation result using circuit> of the circuit information integrity verification system according to the embodiment of the present invention
  • FIG. 4 is a diagram illustrating a signature of an input value by a private key (input value generator) of an input value generator in the circuit information integrity verification system according to the embodiment of the present invention
  • FIG. 10 is a control sequence diagram of <starting after writing - output of computation result using circuit> of the circuit information integrity verification system according to the embodiment of the present invention
  • It is a figure explaining the signature of the random number by the private key (FPGA) of FPGA of the integrity verification system of the circuit information which concerns on embodiment of this invention.
  • FIG. 10 is an operation explanatory diagram of <output result transmission> of the circuit information integrity verification system according to the embodiment of the present invention;
  • It is a figure explaining key pair generation of the public key (FPGA) of FPGA of the integrity verification system of the circuit information which concerns on embodiment of this invention, and a private key (FPGA).
  • It is a figure explaining hash value generation of FPGA of the integrity verification system of circuit information concerning an embodiment of the present invention.
  • FIG. 4 is a diagram for explaining signatures of input values of FPGA, hash values of circuit information, and output values of the circuit information integrity verification system according to the embodiment of the present invention;
  • FIG. 4 is an explanatory diagram of hash value verification of circuit information and input values in the circuit information integrity verification system according to the embodiment of the present invention;
  • FIG. 4 is a control sequence diagram of <output result transmission> of the circuit information integrity verification system according to the embodiment of the present invention
  • FIG. 4 is a diagram illustrating signature verification of a signature (FPGA) attached to an output value using a public key (FPGA) of the CPU of the circuit information integrity verification system according to the embodiment of the present invention
  • 1 is a schematic configuration diagram of a conventional Enclave-FPGA communication system
  • FIG. 1 is a schematic configuration diagram of a conventional Enclave-FPGA communication system that deals with the possibility of tampering
  • FIG. 28 is a diagram for explaining signing circuit information using a signature grantor's private key (signature grantor) in the Enclave-FPGA communication system of FIG. 27;
  • FIG. 1 is a diagram showing a configuration example of a circuit information integrity verification system 1 between a CPU and an accelerator according to an embodiment of the present invention.
  • the same components as in FIGS. 26 and 27 are denoted by the same reference numerals.
  • the circuit information integrity verification system 1 shown in FIG. 1 includes a CPU 100, an FPGA 200 (accelerator), and an input value generator 300.
  • a development PC 10 is connected to the CPU 100 , and a signature grantor 50 is connected to the development PC 10 .
  • the development PC 10 creates circuit information 11 that is set in advance for offloading calculations in the FPGA, and sends it to the signature grantor 50 (not shown).
  • the development PC 10 sends the circuit information 11, the public key (signature grantor) 52, and the signature (signature grantor) 53 to the CPU 100 in <circuit information writing (CPU side)>.
  • the signature grantor 50 adds a signature to the circuit information 11 created and sent by the development PC 10, and sends the signature to the development PC 10 (see S11).
  • a signature grantor 50 generates a signature for the circuit information 11 using a private key (signature grantor) 51 .
  • a signature grantor 50 gives a private key (signature grantor) 51 , a public key (signature grantor) 52 , and a signature (signature grantor) 53 to the development PC 10 .
  • the CPU 100 comprises an enclave external memory 110, an FPGA transfer function program 120, and a protection area (enclave) 130 for preventing tampering.
  • the enclave external memory 110 is a normal area in which normal applications and the like operate.
  • the CPU 100 executes application programs using the non-enclave memory 110 .
  • the FPGA transfer function program 120 is a program for transferring data between the CPU and the accelerator (CPU100-FPGA200). Note that the FPGA transfer function program 120 may also be called an FPGA transfer function unit or an FPGA transfer management unit.
  • the CPU 100 receives the circuit information 11, the public key (signature grantor) 52, and the signature (signature grantor) 53 sent from the development PC 10, and verifies the signature of the sent circuit information 11. Signature verification is performed using a public key (signature grantor) 52.
  • the CPU 100 checks the signature of the information sent to the FPGA 200 side and replaces the signature.
  • the CPU 100 receives the input value sent from the FPGA 200, the hash value of the circuit information, and the signed output value, and verifies the hash value and signature. At this time, the CPU 100 confirms (attestation) that the FPGA is reliable based on the certificate and signature of the counterpart FPGA 200 .
  • the enclave 130 is a hardware protected area to prevent attacks that compromise the OS/drivers/Basic Input/Output System (BIOS)/Virtual Machine Manager (VMM).
  • An enclave 130 is provided on the CPU 100 side.
  • a protected area (enclave) 130 is a secure area in which a public key, a private key, circuit information 11 and the like are confined within the CPU 100 .
  • the protected area (enclave) 130 is an execution environment isolated from general application programs, and data and calculation processing are protected. It is executed in a privileged mode of the CPU or OS (Operating System), and it is possible to call programs and access data in the protected area (enclave) 130 only by specific programs and specific procedures.
  • OS Operating System
  • the protected area (enclave) 130 stores a signature reception unit 131, a signature verification unit 132, a key pair generation unit 133, a signature generation unit 134, a signature replacement unit 135, and a signature transmission unit 136.
  • the signature receiving unit 131 receives the circuit information 11, the public key (signature grantor) 52, and the signature (signature grantor) 53 transmitted from the development PC 10.
  • the signature verification unit 132 verifies the signature of the signature (signature grantor) 53 received by the signature reception unit 131 .
  • the signature verification unit 132 verifies the signature of the circuit information 11 signed by the development PC 10 and sent to the CPU 100 .
  • the signature verification unit 132 verifies the signature of the input value 12 that is signed by the source of the input value 12 and sent to the relevant CPU 100 .
  • the signature verification unit 132 performs signature verification by comparing the hash value (CPU) 152 of the circuit information 11 with the hash value calculated by the signature grantor 50 (calculated from the received signature (CPU) 403 and public key (CPU) 401).
  • the signature verification unit 132 verifies the hash value and signature sent from the FPGA 200 .
  • the signature verification unit 132 calculates a hash value (bit string) using a hash function algorithm such as MD5 (message digest algorithm 5) or SHA (Secure Hash Algorithm). This hash algorithm must be the same for both CPU 100 and FPGA 200 .
  • the key pair generation unit 133 generates a key pair consisting of the public key (CPU) 401 and the private key (CPU) 402.
  • after calculating the hash value (CPU) 152 of the circuit information 11, the signature generation unit 134 creates a signature (signature (CPU) 403) with the hash value (CPU) 152 and the secret key (CPU) 402.
  • the signature replacement unit 135 adds the signature (CPU) 403 and public key (CPU) 401 generated by the signature generation unit 134 to the circuit information 11 . That is, the signature replacement unit 135 checks the signature of the information sent to the FPGA 200 side, and replaces the signature with the key of the CPU.
  • the signature replacement unit 135 replaces the signature verified by the signature verification unit 132 with the key of the CPU 100 before sending the circuit information 11 to the FPGA 200 side.
  • the signature replacement unit 135 replaces the signature verified by the signature verification unit 132 with the key of the CPU 100 before sending the input value 12 to the FPGA 200 side.
  • the signature sending unit 136 sends the circuit information 11 , the public key of the CPU (CPU) 401 and the signature of the CPU (CPU) 403 to the FPGA 200 . Based on this, the FPGA 200 verifies the signature and generates a hash value.
  • the FPGA 200 is an accelerator provided on an accelerator board (not shown). Although this embodiment takes an FPGA as an example of an accelerator, an accelerator such as a GPU may be used.
  • the FPGA 200 performs calculation based on the input value 12, adds the hash value of the input value 12 and the circuit information 11, and the signature, to the output value, and sends it to the CPU 100.
  • FPGA 200 generates a key pair.
  • FPGA 200 generates a hash value of the input value. Further, of the public key and the private key generated by the CPU 100, the FPGA 200 has the public key registered in advance, and uses the registered public key to verify the signature of the circuit information 11 signed by the CPU 100 and sent to the FPGA 200.
  • the FPGA 200 sends to the CPU 100 the input value, the hash value of the circuit information, and the signed output value.
  • the FPGA 200 adds a hash value (circuit information) 232 , a hash value (input value) 231 and a signature (FPGA) 233 to the output result (output value 13 ) and sends it to the CPU 100 .
  • the CPU 100 verifies the hash value and signature received from the FPGA 200 .
  • the input value generator 300 sends a public key (input value generator) 301, a private key (input value generator) 301, and a signature (input value generator) 303 to the memory 110 outside the enclave of the CPU 100 (see S22).
  • a circuit information integrity verification method of the circuit information integrity verification system 1 configured as described above will be described below.
  • the gist of the present invention is that the circuit information 11 developed by the development PC 10 is not sent to the FPGA 200 as it is, but is first verified by the CPU 100 and then sent to the FPGA 200 .
  • Circuit information 11, public key (signature grantor) 52, and signature (signature grantor) 53 are stored in a protected area (enclave) 130 and verified on the CPU 100 side. After verification, the input value 12 and the output value 13 are verified using only the public key of the key pair of the CPU 100.
  • the signature and public key are not the original signature (signature grantor) 53 and public key (signature grantor) 52, but are replaced with the signature (CPU) 403 and public key (CPU) 401 of the CPU 100 and sent to the FPGA 200.
  • the FPGA 200 performs calculation based on the input value 12, adds the hash values of the input value 12 and the circuit information 11 and the signature (signature (FPGA) 233) to the output value 13, and sends it to the CPU 100. By verifying these, the CPU 100 can be certain that there has been no tampering.
  • the description is divided into the stages of startup, <calculation result output using the circuit>, <startup after writing - calculation result output using the circuit>, and <output result transmission>, and the operation of the devices used in each stage is described with reference to the figures and the control sequence diagrams.
  • FIG. 2 is an operation explanatory diagram of <writing circuit information (CPU side)> of the circuit information integrity verification system 1 between the CPU and the FPGA 200.
  • FIG. 3 is a diagram for explaining signature verification of the circuit information 11 by the signature verification unit 132 of the CPU 100. As shown in FIG.
  • the development PC 10 creates the circuit information 11 and sends it to the signature grantor 50 .
  • the signature grantor 50 generates a signature for the circuit information 11 using a private key (signature grantor) 51, as indicated by symbol g in FIG.
  • the signature grantor 50 gives the development PC 10 a private key (signature grantor) 51, a public key (signature grantor) 52, and a signature (signature grantor) 53 (see S11).
  • a signature grantor 50 guaranteed by a reliable third party (CA: Certificate Authority, public key certificate authority or certification authority) signs the circuit information 11, and the signature is attached to the circuit information 11.
  • CA Certificate Authority, public key certificate authority or certification authority
  • the destination CPU 30 can verify whether or not the circuit information 11 has been tampered with.
  • the development PC 10 sends the circuit information 11 with the public key (signature grantor) 52 and the signature (signature grantor) 53 to the external memory 110 of the CPU 100 (see S21).
  • the FPGA transfer function program 120 of the CPU 100 sends the circuit information 11 with the public key (signature grantor) 52 and the signature (signature grantor) 53 temporarily stored in the memory 110 outside the enclave to the signature verification unit 132 of the CPU 100 ( S27, S28).
  • the signature verification unit 132 uses the signature (signature grantor) 53 to verify the signature of the circuit information 11 encrypted with the public key (signature grantor) 52, as indicated by symbol h in FIG.
  • FIG. 4 is a control sequence diagram of <writing circuit information (CPU side)> of the circuit information integrity verification system 1 between the CPU and the accelerator shown in FIG.
  • the development PC 10 inputs the original data of the circuit information 11 and creates the circuit information 11 (see S101).
  • the development PC 10 sends the created circuit information 11 to the signature grantor 50 (see S102).
  • the signature grantor 50 inputs a private key (signature grantor) 51 and a public key (signature grantor) 52 (see S103).
  • the signature grantor 50 generates a signature by adding a signature (signature grantor) to the circuit information 11 sent from the development PC 10 using a secret key (signature grantor) 51 (see S104).
  • the signature grantor 50 sends the signature-generated public key (signature grantor) 52 and signature (signature grantor) 53 to the development PC 10 (see S105).
  • the development PC 10 puts together the created circuit information 11, the public key (signature grantor) 52 signature-generated by the signature grantor 50, and the signature (signature grantor) 53 (see S106).
  • the development PC 10 sends the circuit information 11, the public key (signature grantor) 52, and the signature (signature grantor) 53 to the CPU 100 (circuit information and signature transmission) (see S107).
  • the CPU 100 verifies the signature of the circuit information 11 in the signature verification unit 132 (see FIG. 2) arranged in the protected area (enclave) 130 (see S108). That is, the signature verification unit 132 uses the signature (signature grantor) 53 to verify the signature of the circuit information 11 encrypted with the public key (signature grantor) 52, as indicated by symbol h in FIG. <Writing circuit information (CPU side)> has been described above.
  • FIG. 5 is an operation explanatory diagram of <writing circuit information to FPGA> of the circuit information integrity verification system 1.
  • FIG. 6 is a diagram for explaining hash value generation by the CPU 100.
  • FIG. 7 is a diagram for explaining the signature of the circuit information 11 by the private key (CPU) 402 of the signature generation unit 134 of the CPU 100.
  • FIG. 8 is a diagram for explaining signature verification of the FPGA 200.
  • FIG. 9 is a diagram for explaining hash value generation of the FPGA 200.
  • the signature verification unit 132 of the CPU 100 verifies the signature of the signature grantor 50 in the signature reception unit 131. Specifically, it is as follows. As shown in FIG. 6, the signature verification unit 132 inputs circuit information 11, a public key (CPU) 401 and a signature (CPU) 402, and generates a hash value (circuit information) 152 using a hash function (CPU) 151. The signature verification unit 132 performs signature verification by comparing the hash value (circuit information) 152 of the circuit information 11 with the hash value calculated by the signer (calculated from the received signature (signature grantor) 53 and public key (signature grantor) 52).
  • a key pair generation unit 133 of the CPU 100 generates a key pair of a public key (CPU) 401 and a private key (CPU) 402 .
  • the signature generator 134 of the CPU 100 signs the circuit information 11 (see FIG. 7). As indicated by symbol i in FIG. to sign (CPU).
  • a signature replacement unit 135 of the CPU 100 adds a signature (CPU) 402 and a public key (CPU) 401 generated by the signature generation unit 134 to the circuit information 11 . That is, the signature replacement unit 135 checks the signature of the information sent to the FPGA 200 side and replaces the signature with the key of the CPU 100 .
  • the signature (signature grantor) 53 of the signature grantor 50 verified and confirmed in <writing circuit information (CPU side)> shown in FIGS. ) to change the signature (re-signature) to make a signature (CPU) 403.
  • the CPU 100 attests with the counterpart FPGA 200 that it is a trustworthy FPGA based on the certificate and signature of the FPGA 200 .
  • the signature sending unit 136 of the CPU 100 sends the circuit information 11, the public key (CPU) 401 of the CPU 100, and the signature (CPU) 403 of the CPU 100 to the FPGA 200 (see S31).
  • the signature/hash function unit 211 of the calculation circuit 210 verifies the signature and generates a hash value. Specifically, it is as follows. First, among the public key (CPU) 401 and the private key (CPU) 402 generated by the CPU 100, the public key (CPU) 401 is registered in advance in the RAM 220 of the FPGA 200. As shown in FIG. 8, the signature/hash function unit 211 verifies the signature by comparing the hash value (circuit information) 152 of the circuit information 11 with the hash value calculated by the CPU 100 (calculated from the received signature (CPU) 403 and public key (CPU) 401). As shown in FIG.
  • the signature/hash function unit 211 receives circuit information 11, a public key (CPU) 401 and a signature (CPU) 403, and uses a hash function (FPGA calculation) 161 to generate a hash value (circuit information) 162.
  • the hash function (FPGA calculation) 161 calculates a hash value (bit string) using a hash function algorithm such as MD5 or SHA. This hash algorithm is the same for both CPU 100 and FPGA 200 .
  • FIG. 10 is a control sequence diagram of <write circuit information to FPGA> of circuit information integrity verification system 1 between CPU-FPGA 200 in FIG.
  • FIG. 11 is a diagram explaining the signature of the random number 501 by the private key (FPGA) 223 of the FPGA 200.
  • the CPU 100 receives the circuit information 11, the public key (signature grantor) 52, and the signature (signature grantor) 53 (see S201).
  • the key pair generation unit 133 (see FIG. 5) of the CPU 100 generates a key pair of the public key (CPU) 401 and the private key (CPU) 402 (see S202).
  • the signature verification unit 132 calculates the hash value of the circuit information 11
  • the signature generation unit 134 (see FIG. 5) of the CPU 100 signs the circuit information 11 using the hash value and the secret key (CPU) 402 (see S203).
  • a signature replacement unit 135 (see FIG. 5) of the CPU 100 attaches a signature (CPU) 402 and a public key (CPU) 401 generated by the signature generation unit 134 to the circuit information 11, thereby replacing them with the public key (CPU) 401 and the signature (CPU) 402 of the CPU 100.
  • the FPGA 200 generates a key pair of a public key (FPGA) 222 and a private key (FPGA) 223 (see S204).
  • the CPU 100 attests with the counterpart FPGA 200 based on the certificate and signature of the FPGA 200 that the FPGA is trustworthy.
  • the CPU 100 sends the random number 501 to the FPGA 200 (see S205).
  • the FPGA 200 signs the random number 501 and creates a signature (FPGA) 502 by performing calculations using the random number 501 sent from the CPU 100 and the secret key (FPGA) 223, as indicated by symbol l in FIG. 11 (see S206).
  • the FPGA 200 sends the signature (FPGA) 502 and public key (FPGA) 222 to the CPU 100 (see S207).
  • the CPU 100 confirms that the FPGA is trustworthy by verifying the public key (FPGA) 222 and the signature (FPGA) 502 (see S208). This is the attestation.
  • the CPU 100 sends the circuit information 11, the public key (CPU) 401 of the CPU 100, and the signature (CPU) 402 of the CPU 100 to the FPGA 200 that has been confirmed to be a reliable FPGA (see S209).
  • the FPGA 200 performs signature verification by comparing the hash value (circuit information) 152 of the circuit information 11 with the hash value calculated by the CPU 100 (calculated from the received signature (CPU) 402 and public key (CPU) 401) (see S210). As shown in FIG. 9, the FPGA 200 receives circuit information 11, a public key (CPU) 401 and a signature (CPU) 403, and generates a hash value (circuit information) 162 using a hash function (FPGA calculation) 161 (see S211).
  • the signature/hash function unit 211 verifies the signature and generates a hash value. Specifically, it is as follows. First, among the public key (CPU) 401 and the private key (CPU) 402 generated by the CPU 100, the public key (CPU) 401 is registered in advance in the RAM 220 of the FPGA 200. A signature/hash function unit 211 receives circuit information 11, a public key (CPU) 401 and a signature (CPU) 403 and generates a hash value (circuit information) 162 using a hash function (FPGA calculation) 161.
  • the signature/hash function unit 211 performs signature verification by comparing the hash value (circuit information) 162 of the circuit information 11 with the hash value calculated by the CPU 100 (calculated from the received signature (CPU) 402 and public key (CPU) 401). <Writing circuit information to FPGA> has been described above.
  • FIG. 12 is an operation explanatory diagram of <start after writing> of the integrity verification system 1 for circuit information between the CPU and the accelerator.
  • the FPGA transfer function program 120 of the CPU 100 reads the circuit information 11 of the signature replacement unit 135 placed in the protected area (enclave) 130 and sends it to the FPGA 200 (see S41).
  • the circuit of the FPGA 200 is set based on the circuit information 11 sent from the CPU 100 when the power is turned on.
  • FIG. 14 is a diagram for explaining the signature of the input value 12 by the private key (input value generator) 302 of the input value generator 300.
  • FIG. 15 is a diagram for explaining signature verification of the FPGA 200. As shown in FIG.
  • the input value generator 300 has an input value 12, a public key (input value generator) 301, a private key (input value generator) 301, and a signature (input value generator) 303.
  • a reliable third party, such as the input value generator 300, can greatly reduce the amount of confirmation processing needed to determine whether a public key is reliable. That is, in the absence of a third party, the entities must exchange public keys in addition to confirming that they can trust each other. If there is a third party, each entity can confirm the public key of the trusted third party.
  • the input value generator 300 signs the input value 12 using a private key (input value generator) 302, as indicated by symbol m in FIG.
  • the input value generator 300 sends the input value 12, public key (input value generator) 301, and signature (input value generator) 303 to the external memory 110 of the CPU 100 (see S51).
  • the signature receiving unit 131 of the CPU 100 receives the input value 12 sent from the input value source 300, the public key (input value source) 301, and the signature (input value source) 303.
  • the signature verification unit 132 of the CPU 100 verifies the signature of the input value 12. That is, the signature verification unit 132 uses the signature (input value source) 303 to verify the signature of the input value 12 encrypted with the public key (input value source) 52 .
  • the signature generation unit 134 of the CPU 100 signs the input value 12 sent from the input value generator 300 using the private key (input value generator) 302, as indicated by symbol m in FIG. ) 403.
  • the signature replacement unit 135 of the CPU 100 signs the input value 12 with the key of the CPU 100. That is, the signature replacement unit 135 replaces the signature of the input value 12 in the same manner as the circuit information 11 shown in FIG.
  • the signature sending unit 136 of the CPU 100 uses the FPGA transfer function program 120 to send the input value 12 with the signature replaced by the signature replacement unit 135 and the signature (CPU) 403 to the FPGA 200 (see S52).
  • the signature/hash function unit 211 verifies the signature. Specifically, it is as follows.
  • the signature/hash function unit 211 verifies the signature by comparing the hash value calculated by the CPU 100 (calculated from the received signature (CPU) 403 and public key (CPU) 401), as indicated by symbol n in FIG.
  • the arithmetic circuit 210 of the FPGA 200 is set based on the circuit information 11 sent from the CPU 100 , and uses this circuit to calculate the output value 13 based on the input value 12 .
  • the calculation result using the circuit is temporarily stored in the RAM 220 together with the output value 13, the hash value (circuit information) 232, and the public key (CPU) 401 of the CPU 100.
  • FIG. 16 is a control sequence diagram of <start after writing-output of calculation results using the circuit> of the integrity verification system 1 for circuit information between the CPU and the FPGA 200.
  • FIG. 17 is a diagram for explaining the signature of the input value 12 by the private key (input value generator) 302 of the input value generator 300.
  • FIG. 18 is a diagram explaining the signature of the random number 501 by the private key (FPGA) 223 of the FPGA 200.
  • the input value source 300 outputs a public key (input value source) 301 and a private key (input value source) 302 (see S301).
  • the input value source 300 signs the input value 12 using a signature (input value source) 302 (see S302).
  • the input value generator 300 generates a signature for the input value 12 (see S303).
  • the input value generator 300 sends the input value 12, public key (input value generator) 301, and signature (input value generator) 303 to the CPU 100 (see S304).
  • the CPU 100 receives, at the signature receiving section 131 (see FIG. 5) located in the protected area (enclave) 130, the circuit information 11 and the public key (signature grantor) 52 sent from the development PC 10 (see FIG. 2), the signature (signature grantor) 53, the public key (CPU) 401, the secret key (CPU) 402, and the signature (CPU) 403 (see S305).
  • the CPU 100 sends the circuit information 11 to the FPGA 200 (see S307).
  • the CPU 100 verifies the signature of the public key (input value source) 301 using the signature (input value source) 303, as indicated by symbol o in FIG. 17 (see S308).
  • the CPU 100 signs the input value 12 using the private key (CPU) 402, as indicated by symbol p in FIG. 18 (see S309).
  • the CPU 100 re-signs (replaces) the input value 12 using the signature (CPU) 403 (see S310).
  • Resigning in the protected area includes "circuit information", “circuit information+input value”, and “circuit information+input value+output value”.
  • the effect of re-signing is as follows. That is, there is an effect that the number of public keys managed by the FPGA 200 is reduced. Without re-signing, FPGA 200 requires verification using various public keys. If the method for confirming the reliability of the public key is "Is the public key included in the certificate traceable from the root CA trusted by the recipient?", it is also necessary to trace the certificate from the root CA. . Also, since a certificate may be revoked once it is issued, it is also necessary to check for revocation. Thus, verifying that the certificate is trustworthy becomes a burden on the FPGA 200 .
  • the CPU 100 sends the resigned input value 12 and the signature (CPU) 403 to the FPGA 200 .
  • the FPGA 200 receives the public key (FPGA) 222 sent from the CPU 100, the private key (FPGA) 223, the hash value (circuit information) 232, and the public key (CPU) 401 sent from the CPU 100 (see S312).
  • the FPGA 200 receives the resigned circuit information 11 sent from the CPU 100 (see S307) and, based on the resigned input value 12 and the signature (CPU) 403 sent from the CPU 100 (see S311), performs signature verification and computation using the circuit (see S312).
  • the signature verification in S312 is a signature verification that compares the hash value calculated by the CPU 100 (calculated from the received signature (CPU) 402 and public key (CPU) 401), as indicated by symbol n in FIG.
  • the FPGA 200 outputs the output value 13 and terminates the sequence of <start after writing - output of calculation result using circuit>. So far, <start after writing - output of calculation result using circuit> has been explained.
  • FIG. 19 is an operation explanatory diagram of <output result transmission> of the integrity verification system 1 for circuit information between the CPU and the accelerator.
  • FIG. 20 is a diagram for explaining key pair generation of a public key (FPGA) 222 and a private key (FPGA) 223 of the FPGA 200.
  • FIG. 21 is a diagram for explaining hash value generation of the FPGA 200.
  • FIGS. 22A and 22B are diagrams for explaining input values of the FPGA 200, hash values of circuit information, and signatures of output values.
  • FIG. 23 is an explanatory diagram of hash value verification of the circuit information 11 and the input value 12.
  • the FPGA 200 generates a key pair and a hash value of the input value 12 . Specifically, it is as follows.
  • the signature/hash function unit 211 of the arithmetic circuit 210 generates a key pair of a public key (FPGA) 222 and a private key (FPGA) 223, as shown in FIG.
  • the signature/hash function unit 211 of the arithmetic circuit 210 generates a hash value (input value) 214 using a hash function (input value) 212, as shown in FIG.
  • the calculation result by the calculation circuit 210 is output to the RAM 220 (see S61).
  • the RAM 220 temporarily stores a hash value (input value) 231, a hash value (circuit information) 232, an output value 13, and a signature (FPGA).
  • the RAM 220 also temporarily stores an input value 12, a public key (CPU) 401 of the CPU 100, a public key (FPGA) 222 of the FPGA 200, and a secret key (FPGA) 223 of the FPGA 200.
  • the FPGA 200 uses a private key (FPGA) 233 to sign the hash value (input value) 231, the hash value (circuit information) 232, and the output value 13.
  • the FPGA 200 sends a hash value (input value) 231, a hash value (circuit information) 232, a signature (FPGA) 223 attached to the output value 13, and a public key (FPGA) 222 to the CPU 100 (see S62).
  • the CPU 100 verifies the hash value and signature. Specifically, hash value verification is as follows. As shown in FIG. 23, the CPU 100 inputs an input value 12, circuit information 11, a public key (CPU) 401 and a signature (CPU) 402, and uses a hash function (CPU) 141 to generate a hash value (input value) 142 and a hash value (circuit information) 143. Attestation may be performed to confirm that the CPU 100 is a reliable FPGA when verifying the hash value and signature.
  • FIG. 24 is a control sequence diagram of <output result transmission> of the circuit information integrity verification system 1 between the CPU and the accelerator in FIG.
  • FIG. 25 is a diagram for explaining signature verification of a signature (FPGA) 223 attached to the output value 13 using the public key (FPGA) 222 of the CPU 100. As shown in FIG.
  • the FPGA 200 has a public key (FPGA) 222, a secret key (FPGA) 223, circuit information 11, a hash value (circuit information) 232, a public key (CPU) 401, an input value 12, and an output value 13 (see S401).
  • the FPGA 200 uses a private key (FPGA) 233 to sign the hash value (input value) 231, the hash value (circuit information) 232, and the output value 13 (see S402).
  • the FPGA 200 generates a hash value (input value) 214 using a hash function (input value) 212, as shown in FIG. 21 (see S403).
  • the FPGA 200 sends a hash value (input value) 231, a hash value (circuit information) 232, a signature (FPGA) 223 attached to the output value 13, and a public key (FPGA) 222 to the CPU 100 (see S404).
  • the CPU 100 receives, at the signature receiving section 131 (see FIG. 5) located in the protected area (enclave) 130, the circuit information 11 and the public key (signature grantor) 52 sent from the development PC 10 (see FIG. 2), the signature (signature grantor) 53, the input value 12, the public key (input value source) 301, and the signature (input value source) 303 (see S405).
  • the CPU 100 verifies the signature (FPGA) 223 attached to the output value 13 using the public key (FPGA) 222, as indicated by symbol r in FIG. 25 (see S406).
  • the CPU 100 inputs an input value 12, circuit information 11, a public key (CPU) 401 and a signature (CPU) 402, and uses a hash function (CPU) 141 to generate a hash value (input value) 142 and a hash value (circuit information) 143 (see S407). So far, <output result transmission> has been described.
  • the CPU 100 and the FPGA 200 executing the specific processing of the application offloaded from the CPU 100 are provided, and the integrity verification of the circuit information 11 between the CPU 100 and the FPGA 200 is performed.
  • the CPU 100 has a protection area (enclave) 130 for preventing falsification, and the protection area (enclave) 130 contains the signature verification unit 132, which verifies the signature of the circuit information 11 signed by the development PC 10 and sent to the CPU 100, and the signature replacement unit 135, which replaces the signature (signature grantor) 53 verified by the signature verification unit 132 with a signature made with the key of the CPU 100 (public key (CPU) 401, (CPU) 402).
  • when the input value 12 is sent from the CPU 100, the FPGA 200 performs calculation based on the input value 12 to obtain the output value, adds to the output value the hash values of the input value 12 and the circuit information 11 and the signature (signature (FPGA) 233), and sends the result to the CPU 100.
  • FIG. 1 A block diagram illustrating an exemplary computing environment in accordance with the present disclosure.
  • since the CPU 100 can verify the results from the FPGA 200, it is possible to confirm the integrity, that is, that the circuit information 11 and the like have not been tampered with. In other words, the CPU 100 can verify the correctness of important information (whether the calculated value is correct or whether the communication between the enclave 130 and the FPGA 200 has been tampered with).
  • the signature verification unit 132 verifies the signature of the input value 12 that has been signed by the input value source 300 and sent to the CPU 100, and the signature replacement unit 135, before sending the input value 12, replaces the signature verified by the signature verification unit 132 with a signature using the key of the CPU 100 (public key (CPU) 401).
  • the development PC 10 signs the circuit information 11 by a signature grantor 50 certified by a trusted third party (CA).
  • a signature (signature (CPU) 403) is made with the hash value (CPU) 152 and the secret key (CPU) 402.
  • the signature verifying unit 132 compares the hash value (CPU) 152 of the circuit information 11 with the hash value calculated by the signature grantor 50 (calculated from the received signature (CPU) 403 and public key (CPU) 401) to verify the signature.
  • the signature verification unit 132 compares the hash value (CPU) 152 of the circuit information 11 with the hash value calculated by the signature grantor 50 to verify the signature, so that, prior to the replacement of the signature (CPU) 402 by the signature replacement unit 135, it is possible to confirm the integrity, that is, that the replacement itself has not been tampered with.
  • the signature verification unit 132 verifies the hash value and signature sent from the FPGA 200.
  • the FPGA 200 registers in advance the public key of the public key and the private key generated by the CPU 100, and the signature of the circuit information 11 sent to the FPGA 200 after being signed by the CPU 100 is verified using the registered public key.
  • each configuration, function, etc. described above may be realized by software for a processor to interpret and execute a program for realizing each function.
  • Information such as programs, tables, files, etc. that realize each function is stored in memory, hard disk, SSD (Solid State Drive) and other recording devices, IC (Integrated Circuit) cards, SD (Secure Digital) cards, optical discs, etc. It can be held on a recording medium.
  • processing steps describing time-series processing refer to processing performed in time-series according to the described order, as well as processing performed in parallel or individually, even if processing is not necessarily performed in time-series. It also includes processing (eg, parallel processing or processing by objects) that is executed in parallel.
  • 1 circuit information integrity verification system; 10 development PC; 11 circuit information; 12 input value; 13 output value; 50 signature grantor (signature granting device); 52 public key (signature grantor); 53 signature (signature grantor); 100 CPU; 130 enclave; 131 signature reception unit; 132 signature verification unit; 133 key pair generation unit; 134 signature generation unit; 135 signature replacement unit; 136 signature transmission unit; 152 hash value of circuit information; 200 FPGA (accelerator); 210 arithmetic circuit; 211 hash function part; 212, 231 hash value (input value); 222 public key (FPGA); 223 private key (FPGA); 232 hash value (circuit information); 233 signature (FPGA); 300 input value source; 401 public key (CPU); 402 private key (CPU); 403 signature (CPU)
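The re-signing flow described above (the enclave verifies the upstream signature and re-signs with the CPU key, the FPGA checks everything against its single registered CPU public key, and the CPU checks the signed hashes returned with the output value), as an added Go example that is not code from the patent. Ed25519, SHA-256, all type and function names, and the uppercase stand-in for the circuit computation are assumptions; the random-number attestation step is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signed is the forwarded triple. Ed25519, SHA-256 and all names here are assumptions of this example.
type Signed struct {
	Payload []byte
	Pub     ed25519.PublicKey
	Sig     []byte
}
func sign(priv ed25519.PrivateKey, payload []byte) Signed {
	return Signed{payload, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, payload)}
}

// Enclave models protected area 130: the upstream keys it accepts and the CPU key.
type Enclave struct {
	trusted map[string]bool    // signature grantor 50, input value source 300
	priv    ed25519.PrivateKey // private key (CPU)
}

// Resign verifies the upstream signature and only then re-signs with the CPU key.
func (e *Enclave) Resign(in Signed) (Signed, error) {
	if !e.trusted[string(in.Pub)] || !ed25519.Verify(in.Pub, in.Payload, in.Sig) {
		return Signed{}, errors.New("enclave: upstream signature rejected")
	}
	return sign(e.priv, in.Payload), nil
}

// FPGA models accelerator 200: one pre-registered CPU public key plus its own key pair.
type FPGA struct {
	cpuPub  ed25519.PublicKey
	priv    ed25519.PrivateKey
	circuit []byte
}
func (f *FPGA) PublicKey() ed25519.PublicKey { return f.priv.Public().(ed25519.PublicKey) }
// Load checks circuit information against the registered CPU key, not the key sent with it.
func (f *FPGA) Load(c Signed) error {
	if !ed25519.Verify(f.cpuPub, c.Payload, c.Sig) {
		return errors.New("fpga: circuit information rejected")
	}
	f.circuit = c.Payload
	return nil
}

// Result carries the output value, both hashes, and the FPGA signature over all three.
type Result struct {
	Output              []byte
	InputHash, CircHash [32]byte
	Sig                 []byte
}
func resultMsg(out []byte, ih, ch [32]byte) []byte {
	return append(append(append([]byte{}, ih[:]...), ch[:]...), out...)
}

// Compute verifies the re-signed input, runs a stand-in circuit, and signs the result.
func (f *FPGA) Compute(in Signed) (Result, error) {
	if f.circuit == nil || !ed25519.Verify(f.cpuPub, in.Payload, in.Sig) {
		return Result{}, errors.New("fpga: input value rejected")
	}
	out := bytes.ToUpper(in.Payload) // placeholder for the configured arithmetic circuit
	ih, ch := sha256.Sum256(in.Payload), sha256.Sum256(f.circuit)
	return Result{out, ih, ch, ed25519.Sign(f.priv, resultMsg(out, ih, ch))}, nil
}

// CheckResult is the CPU-side check: FPGA signature first, then recomputed hashes.
func CheckResult(r Result, fpgaPub ed25519.PublicKey, circuit, input []byte) error {
	if !ed25519.Verify(fpgaPub, resultMsg(r.Output, r.InputHash, r.CircHash), r.Sig) {
		return errors.New("cpu: FPGA signature rejected")
	}
	if r.InputHash != sha256.Sum256(input) || r.CircHash != sha256.Sum256(circuit) {
		return errors.New("cpu: hash mismatch")
	}
	return nil
}

// newParties builds constructed sample keys for the grantor, input source, CPU and FPGA.
func newParties() (ed25519.PrivateKey, ed25519.PrivateKey, *Enclave, *FPGA) {
	gPub, gPriv, _ := ed25519.GenerateKey(nil)
	iPub, iPriv, _ := ed25519.GenerateKey(nil)
	cPub, cPriv, _ := ed25519.GenerateKey(nil)
	_, fPriv, _ := ed25519.GenerateKey(nil)
	e := &Enclave{map[string]bool{string(gPub): true, string(iPub): true}, cPriv}
	return gPriv, iPriv, e, &FPGA{cpuPub: cPub, priv: fPriv}
}

func main() {
	g, s, e, f := newParties()
	c, _ := e.Resign(sign(g, []byte("constructed bitstream")))
	in, _ := e.Resign(sign(s, []byte("constructed input")))
	fmt.Println("load error:", f.Load(c))
	r, err := f.Compute(in)
	fmt.Println("compute error:", err, "result check:", CheckResult(r, f.PublicKey(), c.Payload, in.Payload))
}
```

The FPGA type never sees the grantor's or the input source's public key, which is the reduction in key management that the description attributes to re-signing.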

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

A CPU (100) of a circuit information integrity verification system (1) has, in an enclave (130), both a signature verification unit (132) that verifies the signature of circuit information (11) signed by a development PC (10) and sent to the CPU (100), and a signature replacement unit (135) that replaces the signature verified by the signature verification unit (132) using a key of the CPU (100) before sending the circuit information (11) to the FPGA (200) side. When an input value (12) is sent from the CPU (100) to the FPGA (200), the FPGA (200) performs a calculation based on the input value (12) to produce an output value, adds to the output value hash values of the input value (12) and of the circuit information (11) and a signature, and sends the resulting value to the CPU (100).
PCT/JP2021/024405 2021-06-28 2021-06-28 Circuit information integrity verification system and circuit information integrity verification method WO2023275947A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2021/024405 WO2023275947A1 (fr) 2021-06-28 2021-06-28 Circuit information integrity verification system and circuit information integrity verification method
JP2023531162A JPWO2023275947A1 (fr) 2021-06-28 2021-06-28

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/024405 WO2023275947A1 (fr) 2021-06-28 2021-06-28 Circuit information integrity verification system and circuit information integrity verification method

Publications (1)

Publication Number Publication Date
WO2023275947A1 true WO2023275947A1 (fr) 2023-01-05

Family

ID=84690987

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/024405 WO2023275947A1 (fr) 2021-06-28 2021-06-28 Circuit information integrity verification system and circuit information integrity verification method

Country Status (2)

Country Link
JP (1) JPWO2023275947A1 (fr)
WO (1) WO2023275947A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
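CN103475469A (zh) * 2013-09-10 2013-12-25 中国科学院数据与通信保护研究教育中心 Method and device for implementing the SM2 algorithm by combining a CPU and a GPU
CN103546288A (zh) * 2013-09-25 2014-01-29 中国科学院数据与通信保护研究教育中心 Method and device for implementing the SM2 digital signature generation algorithm
JP2015075801A (ja) * 2013-10-07 2015-04-20 株式会社日立製作所 Control system and authentication device
JP2016136390A (ja) * 2015-01-19 2016-07-28 大日本印刷株式会社 Processing method determination device, portable information processing device, IC card, processing method determination method, and processing method determination program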


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ELRABAA, M. E. S. ET AL.: "Secure Computing Enclaves Using FPGAs", IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING ., vol. 18, no. 2, 6 August 2019 (2019-08-06), pages 593 - 604, XP011842275, DOI: 10.1109/TDSC.2019.2933214 *

Also Published As

Publication number Publication date
JPWO2023275947A1 (fr) 2023-01-05


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21948259

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023531162

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21948259

Country of ref document: EP

Kind code of ref document: A1